Create and Configure Oracle Wallet
Oracle Wallet is a file that stores database authentication and signing credentials. It allows users to securely access databases without providing credentials to third-party software (for example, Netwrix Auditor), and easily connect to Oracle products, including located in the clouds (e.g. Autonomous Data Warehouse).
A configured Wallet consists of two files,
ewallet.p12 stored in a secure Wallet directory
To allow Netwrix Auditor to work with Oracle Wallets, do the following:
- Create Oracle Wallet
- Install Oracle Instant Client
- Configure Oracle Instant Client for HTTP Proxy Connections
- Update Existing Oracle Client Installation
There are multiple methods to create Oracle Wallet files. For example:
- Using Oracle Wallet Manager. Refer to the following Oracle help article for more information: Creating a New Oracle Wallet.
- Using a console. As an example, refer to the following Oracle help article for WebLogic JDBC: Creating and Managing Oracle Wallet.
- Using other Oracle products. For example, Autonomous Data Warehouse. Refer to the following Oracle help article for more information: Download Client Credentials (Wallets).
To perform clear install of Oracle Instant Client, follow the instructions below. If you have Oracle Client installed, refer to Update Existing Oracle Client Installation section for more information.
- Download the appropriate package from Oracle website: Instant Client Packages. Netwrix recommends installing the latest available version but the product is compatible with version 12 and above.
Download client credentials and store the file in a secure location. See Download Client Credentials (Wallets) for more information.
- Unzip your credentials file into a secure location.
- Navigate to a folder where you unzipped your credentials and locate the sqlnet.ora file.
"?/network/admin"parameter with the name of the folder containing client credentials. For example:
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="D:\\myapp\\atp_credentials")))
TNS_ADMINenvironment variable and set it to the location of the credentials file.
NOTE: This variable is used to change the directory path of Oracle Net Services configuration files from the default location of
ORACLE_HOME\network\adminto the location of the secure folder containing the credentials file you saved in Step 2. Set the
TNS_ADMINenvironment variable to the directory where the unzipped credentials files are, not to the credentials file itself.
Navigate to a folder where you unzipped your credentials and locate the tnsnames.ora file. The file is used to map connection information for each Oracle service to a logical alias.
Review sample tnsnames.ora file where
myOracle– is a logical alias for the wallet:
(address=((ADDRESS = (PROTOCOL = TCP)(HOST = server1)(PORT = 1521))
NOTE: Keep in mind that the wallet alias in the configuration file must equal to Netwrix Auditor item name.
If the client is behind a firewall and your network configuration requires an HTTP proxy to connect to the internet, perform the following steps to update the
NOTE: HTTP proxy connections are available starting with Oracle Instant Client 184.108.40.206 or later.
Add the following line to the
sqlnet.orafile to enable connections through an HTTP proxy:
tnsnames.ora.file and add the following HTTP proxy connection definitions:
https_proxy— specify the proxy server hostname. For example,
https_proxy_port— specify port used for HTTP proxy connection. For example,
Review configuration example:
(security=(ssl_server_cert_dn="atpc.example.oraclecloud.com,OU=Oracle BMCS US,O=Oracle Corporation,L=Redwood City,ST=California,C=US")
tnsnames.ora for the HTTP proxy may not be enough depending on your organization's network configuration and security policies. For example, some networks require a username and password for the HTTP proxy. In such cases, contact your network administrator to open outbound connections to hosts in the oraclecloud.com domain using port
1522 without going through an HTTP proxy.
Netwrix assumes that you have
tnsnames.ora files and the
TNS_ADMIN environment variable.
Do the following:
Update your sqlnet.ora file. Example:
WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY="/home/atpc_credentials")))
Copy the entries in the
tnsnames.orafile provided in the Autonomous Transaction Processing wallet to your existing